Friday, 30 August 2013

Copy is a cloud storage solution which aims to rival Dropbox. It offers considerably more free storage at 15GB with an extra 5GB available if you install additional apps or give recommends, so much more free storage is available if needed.

It has a number of different clients to use on your Centos 6 box but the one we use here is the QT based GUI/Tray client called CopyAgent demonstrated on the Live CD, as my usual Centos Minimal Fluxbox system is currently in repose, hopefully I will get it back shortly. It is available in both 32 and 64 bit formats.

To use it on Centos 6 or RHEL create a free Copy account using your regular Email address. Once done you can download the Copy app for Linux from the link provided. You can install it on your standard setup or even on the Centos Live CD and it works fine on either. It has a command line client in addition to a GUI.

Once your account is created you will see the link for the Linux app in tgz format, so download it to your home folder, open up a terminal as root and cd to your /opt directory

$ sudo su

# cd /opt

# tar xzf /home/centoslive/copy_agent-1.35.0524.tgz

Now cd in to the /opt/copy/x86 (or x86_64) folder to run the setup installation file.

# cd /copy/x86

# ./CopyAgent

Copy setup screen Centos 6

Copy cloud storage installation Centos 6

Copy cloud storage installation Centos 6

Copy cloud storage PDF guide Centos 6

This will create a folder on your computer called 'Copy.'

As long as the Copy application is running and you are logged in to your account, any file you place in the “Copy” folder will automatically upload to the cloud and be accessible via Copy.com and any other computer that you have running Copy.

The contents of your Copy cloud storage folder can be shared by simply right clicking on the file and selecting a share option, either Public or Private, the file will be available for download via the link address given to you. This a particularly welcome and useful feature, enabling easy and controlled file sharing.

So if you need a little more storage than you have already, head over to Copy and grab your free 20GB. It can be run together in tandem with Dropbox on Centos so you can compare the two services if required.

Tuesday, 20 August 2013

Sharing a home directory with Samba has its advantages, but it is not perfect for every scenario.

You may want to create a shared folder that is used by one or more users to store documents, images, or to act as a repository for your media files or you might need to provide limited permissions, read-only access, or a global directory for a group of users. Here we look at creating a custom share folder that can be used to augment your networking environment.

We will look at both individual access and group access to a customized share folder of your choice.

Individual Access

To begin, log in as root and create a new directory by typing the following

# mkdir/home/<foldername>

Assign the ownership of this folder to a particular user and group. Set the permissions using values to suit your own setup

# chown <username> /home/<foldername> && chgrp <groupname> /

home/<foldername> && chmod 0770 /home/<foldername>

When you have finished, open the Samba configuration file

# vi/etc/samba/smb.conf

Scroll down to the bottom of the file and add the following lines, remember to customize the comment, the foldername value, and replace username and groupname with the same values as used in the previous step.

[foldername]

comment = your foldername description

path = /home/foldername/

browseable = yes

guest ok = no

writable = yes

create mask =0666

directory mask =0770

valid users = username

force group = groupname

forceuser = username

You may want to customize the preceding values to suit your setup.

Any new directory created will be given the permissions of 0770, while any new file added will have the permissions set to 0666. The only valid users that can connect to this share folder are defined by the username value while all files and directories will have the group name of groupname applied to it.

When you have finished, save the configuration file before restarting the

Samba server like so service smb start && service nmb start.

Group Access

If you are intending to enable multiple user access, then you can enhance this to include more users by listing the relevant usernames, like so

valid users = username1, username2, username3

Alternatively, you can specify the @ parameter as below

valid users = @groupname

This states that anyone who is a member of groupname is a valid user for the share folder concerned. Your modified configuration statement could look similar to this

[folder_name]

comment = folder_name description

writable = yes

valid users = @groupname

path = /home/samba/folder_name

create mode = 0660

directory mode = 0770

If you wanted a particular share to be accessible by the users of multiple groups, then the code would look more like this

[folder_name]

comment = folder_name description

writable = yes

valid users = @groupname1, @groupname2, @groupname3

path = /home/samba/folder_name

create mode = 0660

directory mode = 0770

To use the group access feature, users must be members of the same group as Samba cannot overrule the existing rules set by CentOS.

Wednesday, 14 August 2013

A network does not have a recycle bin and the action of deleting a file from a shared folder on your network will result in the permanent loss of that data. So here we look at creating a holding area for files and folders and enable you to recover data that was accidentally deleted through a simple implementation of Samba's recycling process, CentOS will treat those files in the same way as though you were deleting a file on your desktop.

Tuesday, 13 August 2013

Configured as a standalone server, Samba's resources will be made available in either share mode or in user mode. This means that all passwords are associated with an existing system account, so start by creating a new CentOS user.

Log in as root and create a new system group by typing

# groupadd sambausers

Now create a new system user and add them to the new group

# useradd username -m -G sambausers

This will create a new user profile and establish an associated user ID, make the relevant home directory (-m), set the default shell to bash, and add them to a group called sambausers.

Now to create a Samba password for the new user

# smbpasswd -a username

The user name being the name set up earlier, at the prompt give the password you wish to use.

Samba does not manage usernames, but it enables you to create a password for a valid system user account. The Samba user is inextricably tied to this account so first we create a new CentOS group.

All system users should belong to a group and in this instance we create a group called sambausers.

We all know that servers can maintain any number of users, but by creating a relationship between them, you can provide a common rule that will enable the members of the same group to read, write, and execute specific files and directories.

In many respects, groups represent the principle component of an organization, and this not only makes the task of administration much easier, but it also enables you to develop a subset of user-based rights that is based on a group privilege.

Disable and Delete a Samba user

To disable a samba user, log in as root and type

# smbpasswd -d username

To delete a Samba user, log in as root and type

# smbpasswd -x username

By deleting the password you will not be removing the associated user profile (username) from the server or affecting the relevant home directory and its contents.

So there is always an option of re-enabling the account at any time. However, if you would like to delete these items permanently, then you must use the following command

# userdel –r username

Use the –r flag to delete the user, the associated home directory and the mail spool.

Monday, 12 August 2013

A common way to share files across different computer systems is to install and configure Samba as a standalone file server.

Standalone servers are configured to provide local authentication and access control to all the resources they maintain.

They are independent of all domain controllers and where a standalone server is expected to function like a workgroup server, a simple configuration is all that is required in order that all data served will be readily accessible to the entire user base.

Samba is a very popular open source distribution and we look at how to deliver an instant approach to file sharing that provides seamless integration for any number of users on any type of modern computer across your entire working environment.

If you are running a firewall, you will need to confirm that the firewall has been disabled, removed, or the appropriate ports are open. Similarly, if you are running SELinux, then you should confirm that it has been disabled or it is now running in permissive mode.

MY_SERVERS_NAME refers to the name of your server. In most
situations this could be in the form of FILESERVER or SERVER1
and so on.
ethX refers to the name of your primary Ethernet interface. In
most situations this could be eth0 although here I am on wlan0.

XXX.XXX.XXX.XXX/XX refers to the primary network address.
This will be something similar to 192.168.1.100/24.

Now configure Samba as a standalone server. Continue to
add the following lines to your main configuration file

Now add support for home directory sharing by enabling valid users to access their home directories. This feature will support the appropriate read/write permissions and all folders will remain private from other users. Add the following.

Samba provides support for printing by default and it will try to connect to a printer regardless as to whether a printer is connected to your server or not. So, unless you are intending toinstall CUPS, you should consider disabling printer sharing in order to avoid any unnecessary error messages being recorded in the Samba logfiles.

Log in as root and open the main Samba configuration file

# vi/etc/samba/smb.conf

Scroll down to the end of the global section and comment oot the section on printer support

SELinux will prevent users from accessing their home directory. There is the option to disable SELinux, but if you do intend to keep this service running you will be required to relax the conditions that SELinux employs on your server.

So log in as root and check the mode by typing

# getenforce

If it is set to Enforcing, then reset it to Permissive by typing the following

# setenforce 0

Now type the following command to enable the home directories

# setsebool samba_enable_home_dirs on

In addition to this, if you are trying to enable Samba as a domain controller, use

# setsebool -P samba_domain_controller on

Remember, if SELinux is enabled and you do not execute the preceding commands, your users will continue to experience errors when trying to access the server.

Opening the firewall

If you are running IPTables, you will need to configure your firewall in order to allow access to your Samba server. To do this, log in as root and type the following commands to open ports

In a mixed operating system environment it is not always advisable to make Samba the master browser, but it may be the case that this small addition may serve to improve the
overall performance of both CentOS and your network in general.

To do this, log in as root and open the main Samba configuration file in your favorite text editor as below.

If you have more than one Samba server running on your network, then only one server should be elected as the primary master browser and given the os level stated earlier.

Adding user to password

The password to access the Samba can be setup to use the same or
different password than your local account. In the image below you will see
the -a option, this will tell Samba to add the users account which in this case is centoslive to the
smbpasswd.

Saturday, 10 August 2013

MariaDB is the robust, scalable, and reliable drop in replacement for MySQL with extra features including batched key access, block hash join, User-set memory limits, Null-rejecting conditions, In-to-exists, Semi-join, Materialisation and much more. It is used by a number of projects including Jelastic, MediaWiki, Moodle, Zend Framework, Drupal and others. Recently, the mighty federation backed Google are relinquishing their old MySQL kit for shiny new MariaDB relational relations. It is available for Centos 6/RHEL (and others ) via the MariaDB repo.

So first go the MariaDB site and select a suitable version of the repo file for your setup.

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we\'ll need the current
password for the root user. If you\'ve just installed MariaDB, and you haven\'t set the root password yet, the password will be blank, so you should just press enter here.

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
... Success!

Normally, root should only be allowed to connect from \'localhost\'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
... Success!

By default, MariaDB comes with a database named \'test\' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Friday, 9 August 2013

PostgreSQL can be configured to allow remote access using a method called Host Based Authentication and here we look at client authentication in order to provide the access rights.

Centos 6 Restart Posgresql

First open the Host Based Authentication configuration filevi /var/lib/pgsql/data/pg_hba.conf

And alter the values to appear similar to below

# TYPE DATABASE USER CIDR-ADDRESS METHOD# "local" is for Unix domain socket connections onlylocal all all trust# IPv4 local connections:host all all 127.0.0.1/32 trusthost all all 192.168.0.0/24 md5

# IPv6 local connections:host all all ::1/128 indentSave and close the file.

The IPv4 entry above as an example gives the range of available addresses to use from the router, so typically the above entry would suit an IP address of 192.168.0.100

Each of the above records specifies a connection type, database name, a user name, a client IP address range, and the authentication method. An IP address range may not always be relevant but PostgreSQL will read this file in order and if record indicates that access is not allowed, then access will be denied.

There are several different methods of authentication

trust: allows the connection unconditionally and it enables anyone to connect with the database server without the need for a password.

reject: allows the database server to reject a connection unconditionally. A feature that remains useful when filtering certain IP addresses or certain hosts from a group.

md5: implies that the client needs to supply an MD5-encrypted passwordfor authentication.

Remote connections will not be possible unless the serveris started with an appropriate value for listen_addresses, and here we adjusted the default value from a loopback address to allow the server to listen to all IP addresses (signified by the use of a star symbol or *) on the 5432 port.

Save and close the file , and restart the server.$ sudo service postgresql restartSo with Host Based Authentication set up you will have the ability to access your PostgreSQL server both locally and remotely.

Wednesday, 7 August 2013

PostgreSQL is an Open Source Object-Relational Database Management System and is available from the standard Centos repo.

It's architecture and large array of features make it an attractive solution for many companies who are concerned with data integrity.

Postgres is an easy-to-install database system and uses atemplate system which supports a large part of the SQL standard.To install it in Centos 6, log in as root and type.# yum install postgresql postgresql-server

Now enable the database server at boot by typing

# chkconfig postgresql on

Then initialize the database

# service postgresql initdbStart the database by typing

# service postgresql start

Now assign your current CentOS user account as a database user

Connect to the database using the following command$ sudo su ­ postgres

A new database will be created by cloning the standard system database so launch the psql command-line utility.

-bash-4.1$ psql template1

Now issue a command to create a database, so by substituting the relevant values with those associated with your system user account

CREATE USER <username> WITH PASSWORD '<password>'

Create your first database, replacing the <database-name> value with something more appropriate

CREATE DATABASE <database-name>Now complete the user setup by assigning the correct privileges, substituting the relevant values with those used previouslyGRANT ALL PRIVILEGES ON DATABASE <database-name> to <username>When finished, quit by typing \q

-bash-4.1$ exitexit

Changing logging parameters

You can alter the logging parameters to customise the recorded values.$ sudo vi /var/lib/pgsql/data/postgresql.confScroll down and find the following linelog_line_prefixNow uncomment and change this line to readlog_line_prefix = '%d %u %t'

This will use the database name, username, and timestamp format when writing the log files,

Save the file and restart the database server$ sudo service postgresql restart

Connecting to Postgresql

Connecting to Postgresql is different to connecting to MySql,to access to access the database, first issue the folowing$ sudo so postgresNow access the interactive screen by typingpsql template1-bash-4.1$ psql template1

Password:psql (8.4.13)Type "help" for help.template1=#

From here you can use SQL to complete any template related task, you can quit the terminal by typing\qThis command will return you to the postgres user prompt, which you can close at any time by issuing the following commandexit

Accessing a specific database as a specific user

If you wish to access a specific database as a specific user you would begin by accessing the main terminal as postgresql user

$ sudo su ­ postgresHaving done this you would access the relevant database by using the appropriate user in the following waypsql -d <database-name> -U <username> ­WComplete this process by submitting your password when requested The entire process may look similar to below$ sudo su - postgres-bash-4.1$ psql -d <database-name> -U <username> -WPassword for user <username>psql (8.4.13)Type "help" for help<database-name>=>

Creating a copy of a database in PostgreSQLYou can use any existing database on the server as a template when creating a new database.

To do this, simply access the psql console as postgres user, and issue the following command.

Sunday, 4 August 2013

E-mail capability for the root user is not activated by default and you may find it useful to ensure that this service is enabled and able to send messages.

You may be required to generate e-mail reports that should be issued to, or generated on the behalf of the root user, while those of you who enjoy the benefit of e-mail in order to issue notices will want a convenient solution that may not require a comprehensive mail server. E-mail capability is essential to every aspect of the administrator's role and this post looks at activating the root's e-mail and enabling all messages to be sent to a destination of your choice.We install and set up mailx, a sending and recieving facility for mail on a Linux system.First download mailx with yum$ sudo yum -y install mailxOpen up the aliases file to add an address$ sudo vi /etc/aliasesScroll down to the person who gets roots email# root: marcUncomment the line and change the value to your choiceroot example@yourdomain.com

You can also send it to existing users as below

root: username1, username2

Save and close the file, then run the following to implement changes.

newaliases Now send a test Email to check it works properly.# echo "Test Email" | mail -s "This is a test email." externalemail@domain.comYou can check if anything is in the mailbox with$ mailqMail queue is emptyAnd not forgetting the manual pages$ man mailxQuick and easy set up of the Mailx program.

Friday, 2 August 2013

While the Fluxbox. Thunar and Rxvt Desktop is fine for most users purposes, being pretty much the fastest performing of all the various Desktop environments, some users may prefer to use a different one for a variety of reasons, ie accessibility, and may want to use the Gnome Desktop, which is also a popular addition in Centos 6.

64-bit users should be aware that the desktop environment will result in your system using a mixture of 32-bit and 64-bit software. This may change over time, but at the time of writing this book, most desktop applications are still 32-bit.

To install the GNOME desktop environment, log in as root and type the following command to install the necessary packages and dependencies

Security-Enhanced Linux is a robust security mechanism that is enabled by default. It improves, and as the name implies, enhances the security of the server but sometimes the need arises to disable it in order to install a new package such as cPanel, DirectAdmin, or Plesk, or to speed up the process of server management. This is not something you would normally do and in some circles it is frowned upon but occasionally you may feel it is the best solution.

The three enforcement levels for SELinux are

enforcingpermissivedisabled

Here we are going to set it to disabled in order to perform the required task.

To determine the current state of SELinux you can run

$ getenforceEnforcing

So open up in the editor as follows

$ sudo vi /etc/sysconfig/selinux

Scroll down to find the line that reads

SELINUX=

Change the line to read

SELINUX=disabled

So the file should appear as below

# This file controls the state of SELinux on the system.# SELINUX= can take one of these three values:#enforcing - SELinux security policy is enforced.#permissive - SELinux prints warnings instead of enforcing.#disabled - No SELinux policy is loaded.SELINUX=disabled# SELINUXTYPE= can take one of these two values:#targeted - Targeted processes are protected,#mls - Multi Level Security protection.SELINUXTYPE=targeted

That's it, now reboot the system

# reboot

SELinux is enabled during the boot process and has three running states

Enforcing - Enforces security and and access policies around files and processes

Permissive - This level allows operations that would otherwise be blocked, report messages are sent to /var/log/audit/audit.log indicating which operations would have to be blocked. In this state the mechanism that labels files and processes according to SELinux policies is still active.

A common way to share files across different computer systems is to install and configure Samba as a standalone file server.

Standalone servers are configured to provide local authentication and access control to all the resources they maintain.

They are independent of all domain controllers and where a standalone server is expected to function like a workgroup server, they can use either a simple or complicated configuration in order that all data served will be readily accessible to the entire user base.

Samba on Centos 6

Samba remains a very popular open source distribution and here we look at how to deliver an instant approach to file sharing that provides seamless integration for any number of users on any type of modern computer across your entire working environment.

This assumes that you are using a Static IP address.
If you are running a firewall, you will need to confirm that the firewall has been disabled, removed, or the appropriate ports are open. Similarly, if you are running SELinux, then you should confirm that it has been disabled or it is now running in permissive mode.

First download and install the necessary packages

$ sudo yum install samba samba-client samba-commmon

Now rename the original configuration file

$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

Create a new configuration file in your preferred text editor

$ sudo vi/etc/samba/smb.conf

Build your new configuration by adding the following lines, substituting the values shown with your own.

MY_SERVERS_NAME refers to the name of your server. In most
situations this could be in the form of FILESERVER or SERVER1
and so on.
ethX refers to the name of your primary Ethernet interface. In
most situations this could be eth0.
XXX.XXX.XXX.XXX/XX refers to the primary network address.
This will be something similar to 192.168.1.100/24.

Now configure Samba as a standalone server. Continue to
add the following lines to your main configuration file

Now add support for home directory sharing by enabling valid users to
access their home directories. This feature will support the appropriate read/write
permissions and all folders will remain private from other users. Add as below